A Facebook bug let app developers see photographs users had uploaded, but never posted, the social network said.
For two weeks in September, an error in the way Facebook shares photographs with third parties meant that apps could see not only photos users had posted on their Newsfeed, but also pictures in other parts of the site — on Facebook Stories or Facebook’s Marketplace, for instance.
The bug also “impacted photos that people uploaded to Facebook, but chose not to post,” Facebook developer Tomer Bar said in a statement on Friday.
Importantly, the only applications that had access to the hidden photographs were those to which users had already granted access to all their public photos, through the company’s application programming interface, Bar said.
“Currently, we believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” Bar said.
Users affected are those who had given permission to third-party apps to access their photos through the Facebook log-in function. There is no evidence that the bug led to any large-scale extraction of photos from the site.
“We’re sorry this happened,” Bar added. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”
The error is comparatively minor given Facebook’s scale.
In September, almost five times as many accounts were affected by a data breach in which hackers accessed personal information, including name, relationship status, search activity and recent location check-ins.
“The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted ‘view as,’ a feature that lets people see what their own profile looks like to someone else,” Facebook vice president of product management Guy Rosen said at the time.
“It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” he added.